Wifi-soft's UniBox appliance can be used as a BYOD appliance in wired or wireless networks. It provides the features needed to offer BYOD functions such as auto-registering, approval-based access, client fingerprinting, access rules and more. Administrators can configure separate captive portals with different access policies for guest and regular users. Advanced bandwidth management rules can be configured to ensure the available Internet bandwidth is fairly allocated amongst the users. UniBox serves as an affordable alternative to expensive BYOD controllers available in the market today.

IT administrators can configure a private SSID for WPA2-enabled access along with a public one. The public one can be used for guest access through a splash page. By segregating the Internet traffic using VLANs and separate SSIDs, administrators can have better control of their network and keep the private network separate from the public access users.

UniBox uses client fingerprinting to identify various mobile devices and monitor their access on enterprise networks. Administrators can control private use of mobile devices on their networks and selectively allow authorized devices access to shared resources and company servers. Each device can be tracked individually, and unauthorized use can be monitored and audited. UniBox provides all the tools needed to identify and authorize private devices in modern corporate environments.

IT administrators can enforce various network access policies using UniBox's policy manager. These include controlling Internet access to specific times of day and days of the week, restricting the number of client devices, dynamically allotting bandwidth as per user load, restricting users based on fair usage rules and more. Administrators can also allocate varying bandwidth for different applications to ensure QoS requirements are met.

The ability to block unwanted content on a wired or wireless network is becoming increasingly important for network operators and administrators. Most companies have strict rules on Internet traffic, and administrators need to enforce restrictions on certain categories of websites. UniBox runs a content filtering service that allows administrators to block access to certain categories of websites. They can fine-tune their content filtering service by adding or omitting specific websites from the block list.

The captive portal feature is a software implementation that blocks clients from accessing the network until user verification has been established. You can set up verification to allow access for both guests and authenticated users. Authenticated users must be validated against a database of authorized captive portal users before access is granted.

The authentication server supports both HTTP and HTTPS Web connections. In addition, you can configure captive portal to use an optional HTTP port (in support of HTTP proxy networks). If configured, this additional port is then used exclusively by captive portal. Note that this optional port is in addition to the standard HTTP port 80, which is currently being used for all other Web traffic.

Captive portal for wired interfaces allows the clients directly connected to the switch to be authenticated using a captive portal mechanism before the client is given access to the network. When a wired physical port is enabled for captive portal, the port is set in the captive-portal-enabled state such that all the traffic coming to the port from unauthenticated clients is dropped except for ARP, DHCP, DNS and NetBIOS packets. The switch forwards these packets so that unauthenticated clients can get an IP address and resolve hostnames or domain names. Data traffic from authenticated clients goes through, and the rules do not apply to these packets.

All the HTTP/HTTPS packets from unauthenticated clients are directed to the CPU on the switch for all the ports that are enabled for captive portal. When an unauthenticated client opens a Web browser and tries to connect to the network, the captive portal redirects all the HTTP/HTTPS traffic from unauthenticated clients to the authenticating server on the switch. A captive portal Web page is sent back to the unauthenticated client, and the client can then authenticate. If the client successfully authenticates, the client is given access to the port.

You can enable captive portal on all the physical ports on the switch. It is not supported for VLAN interfaces, loopback interfaces or logical interfaces. The captive portal feature uses MAC-address-based authentication and not port-based authentication. This means that all the clients connected to the captive portal interface must be authenticated before they can get access to the network.
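The per-packet decision described above can be modelled in a few lines. This is an added example, not code from the switch vendor: the class and function names are hypothetical, the port numbers are the standard well-known assignments for DHCP, DNS and NetBIOS, and treating the optional HTTP port like ports 80/443 for unauthenticated clients is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Verdict(Enum):
    FORWARD = "forward"
    REDIRECT = "redirect-to-portal"
    DROP = "drop"


ETH_ARP = 0x0806
ETH_IPV4 = 0x0800

# Bootstrap traffic an unauthenticated client may still send
# (ARP is matched by EtherType below, not by port).
BOOTSTRAP_PORTS = {
    ("udp", 67), ("udp", 68),                   # DHCP
    ("udp", 53), ("tcp", 53),                   # DNS
    ("udp", 137), ("udp", 138), ("tcp", 139),   # NetBIOS
}


@dataclass(frozen=True)
class Packet:
    src_mac: str
    ethertype: int
    proto: Optional[str] = None     # "tcp" / "udp" for IPv4 packets
    dst_port: Optional[int] = None


class CaptivePortalPort:
    """Hypothetical model of one physical port in captive-portal-enabled state."""

    def __init__(self, extra_http_port: Optional[int] = None):
        self.web_ports = {80, 443}
        if extra_http_port is not None:
            self.web_ports.add(extra_http_port)
        self.authenticated = set()   # keyed by client MAC, not by switch port

    def authenticate(self, mac: str) -> None:
        self.authenticated.add(mac.lower())

    def classify(self, pkt: Packet) -> Verdict:
        # Authenticated clients: the captive portal rules no longer apply.
        if pkt.src_mac.lower() in self.authenticated:
            return Verdict.FORWARD
        if pkt.ethertype == ETH_ARP:
            return Verdict.FORWARD
        if pkt.ethertype == ETH_IPV4:
            if (pkt.proto, pkt.dst_port) in BOOTSTRAP_PORTS:
                return Verdict.FORWARD
            if pkt.proto == "tcp" and pkt.dst_port in self.web_ports:
                return Verdict.REDIRECT   # handed to the portal's web server
        return Verdict.DROP


def run_sample():
    """Constructed traffic: two clients behind the same physical port."""
    port = CaptivePortalPort(extra_http_port=8080)
    guest, staff = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    port.authenticate(staff)
    return {
        "guest dns": port.classify(Packet(guest, ETH_IPV4, "udp", 53)),
        "guest https": port.classify(Packet(guest, ETH_IPV4, "tcp", 443)),
        "guest ssh": port.classify(Packet(guest, ETH_IPV4, "tcp", 22)),
        "staff ssh": port.classify(Packet(staff, ETH_IPV4, "tcp", 22)),
    }
```

Because the state is keyed by MAC address, authenticating one client behind a port does not open that port for a second, unauthenticated client.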

The captive portal configuration provides the network administrator control over verification and authentication, assignment to interfaces, client sessions, and Web page customization.

Yes. If they are both used, Untangle uses the captive portal username over the UNLS-specified username. Both can be viewed in 'View Hosts'. The 'Captive Portal - Username' column shows the captive portal username, the 'Directory Connector - Username' column shows the UNLS/Directory Connector username, and the 'Username' column shows the global username.

It may be better to add a Captive Portal Capture Rule to Pass when username == [authenticated]. This rule would ensure that hosts that already have known usernames via the UNLS are not captured via the Captive Portal. This way a host can be authenticated via the UNLS or the captive portal, but will not need to use both.

If you need users to be able to log themselves out, they can browse to <Untangle's_LAN_IP>/capture/logout to make this happen.

The Block Event Log shows all traffic that is being blocked because the source machine has not been authenticated. This is useful for finding out what traffic is being blocked and whether any of it should not be blocked. Idle machines without logged-in users can often still be active on the network, making this log quite large. If there is activity that shouldn't be blocked under any circumstances, this can be fixed by modifying the Capture Rules, the client and server pass lists, or creating bypass rules if Capture Bypass Traffic is unchecked.

The custom.zip must have either a custom.py or a custom.html at the top level. It cannot be within an arbitrary subdirectory. If there is not a custom.py or a custom.html at the top level, this message will be displayed.
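A pre-upload check for the layout rule above, written as an added example (it is not Untangle's own validation code, and the function names are hypothetical). It catches the common packaging mistake of zipping the enclosing folder, which pushes the entry file one level down; the archives it runs on are constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Entry files named in the text; one of them must sit at the archive root.
REQUIRED = ("custom.py", "custom.html")


def check_custom_zip(data: bytes):
    """Return (ok, message) for the bytes of a candidate custom.zip."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return False, "not a valid zip archive"
    with zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]

    paths = [PurePosixPath(n) for n in names]
    top = sorted(p.name for p in paths
                 if len(p.parts) == 1 and p.name in REQUIRED)
    if top:
        return True, "found at top level: " + ", ".join(top)

    nested = sorted(str(p) for p in paths
                    if len(p.parts) > 1 and p.name in REQUIRED)
    if nested:
        return False, "entry file is inside a subdirectory: " + ", ".join(nested)
    return False, "no custom.py or custom.html in archive"


def build_zip(members: dict) -> bytes:
    """Build a constructed sample archive in memory (name -> content)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


def run_sample():
    good = build_zip({"custom.html": "<html></html>", "images/logo.png": "x"})
    wrapped = build_zip({"custom/custom.html": "<html></html>"})
    return check_custom_zip(good), check_custom_zip(wrapped)
```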

In the community I live in we run a couple of internal services and guard Internet access with pfSense's Captive Portal (“CP”).

The Captive Portal intercepts any traffic for a not yet registered IP/MAC address pair (clients come from the local network, so IP addresses can be resolved to MAC addresses, although this can be tricked) and responds with a login page.

Users can be defined with a local user manager, a RADIUS server or an LDAP server (this is another story and worth another blog post). Upon successful login, the MAC/IP/username triple will be saved in a SQLite database, the user is redirected to the requested URL (redirurl) and subsequent traffic will be allowed.

The Captive Portal (with default settings) has a serious drawback: only standard HTTP traffic can be intercepted, or more precisely, a redirect to the login page only works for HTTP connections (for good reason). In principle it is possible to use a certificate and intercept/redirect HTTPS traffic, but you need a proper certificate if the users should not be scared away by a certificate warning. Note: Yes, allowing HTTP logins is as good as no logins if you are talking real security.

As a result, the login page of the Captive Portal will only be shown if users attempt to access an HTTP (vs. HTTPS) page. Many users' browsers are, however, configured to initially load an HTTPS page as the homepage (which is good). These users are confronted with a connection timeout and will be scared that no Internet connection is available or that our intranet or their computer is broken.

One solution (besides many others) is to communicate a dedicated login page (e.g. https://intranet.intern), where after successful login the Captive Portal redirects to a given page. The redirurl is just a parameter to the login page (http://192.168.0.1:8002/?redirurl=http://github.com for example).
